CVE-2024-56780
quota: flush quota_release_work upon quota writeback
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don't always flush the quota_release_work queue in
this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg
noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during
dquot_writeback_dquots() so we dont have any pending workitems after
freeze.
In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don't always flush the quota_release_work queue in this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we dont have any pending workitems after freeze.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-12-29 CVE Reserved
- 2025-01-08 CVE Published
- 2025-01-08 CVE Updated
- 2025-01-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/d40c192e119892799dd4ddf94f5cea6fa93775ef | Vuln. Introduced | |
| https://git.kernel.org/stable/c/86d89987f0998c98f57d641e308b40452a994045 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/89602de9a2d7080b7a4029d5c1bf8f78d295ff5f | Vuln. Introduced | |
| https://git.kernel.org/stable/c/3027e200dd58d5b437f16634dbbd355b29ffe0a6 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/dabc8b20756601b9e1cc85a81d47d3f98ed4d13a | Vuln. Introduced | |
| https://git.kernel.org/stable/c/f3e9a2bbdeb8987508dd6bb2b701dea911d4daec | Vuln. Introduced | |
| https://git.kernel.org/stable/c/903fc5d8cb48b0d2de7095ef40e39fd32bb27bd0 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/31bed65eecbc5ce57592cfe31947eaa64e3d678e | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.257 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.257 < 5.4.287" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.195 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.195 < 5.10.231" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.132 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.132 < 5.15.174" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.53 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.53 < 6.1.120" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.64" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.12.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.12.4" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.13-rc2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.13-rc2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.19.295 Search vendor "Linux" for product "Linux Kernel" and version "4.19.295" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.4.16 Search vendor "Linux" for product "Linux Kernel" and version "6.4.16" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5.3 Search vendor "Linux" for product "Linux Kernel" and version "6.5.3" | en |
Affected
| ||||||